Module: Ardecy::Harden

Extended by:
Display
Defined in:
lib/ardecy/harden.rb,
lib/ardecy/harden/perms.rb,
lib/ardecy/harden/sysctl.rb,
lib/ardecy/harden/cmdline.rb,
lib/ardecy/harden/modules.rb,
lib/ardecy/harden/mountpoint.rb,
lib/ardecy/harden/sysctl/kernel.rb,
lib/ardecy/harden/sysctl/network.rb

Defined Under Namespace

Modules: CmdLine, Modules, Mountpoint, Perms, Sysctl

Class Method Summary

Methods included from Display

display_fix_list, kernel_show, perm_show, result, show_bad_mod, title

Class Method Details

.cmdline(args) ⇒ Object



# File 'lib/ardecy/harden.rb', line 46

# Prints a blank line and the 'Kernel Cmdline' section title, then hands
# the run over to CmdLine.exec.
#
# @param args [Hash] run options, passed through untouched to CmdLine.exec
# @return [Object] whatever CmdLine.exec returns
def self.cmdline(args)
  puts
  title('Kernel Cmdline')
  CmdLine.exec(args)
end

.modules(args) ⇒ Object



# File 'lib/ardecy/harden.rb', line 20

# Runs the kernel-module blacklist check and, when a fix is requested,
# persists the collected entries as a modprobe.d drop-in.
#
# Nothing is written unless args[:fix] is truthy. The fix path writes under
# /etc, so it presumably needs root; no privilege check is done here.
#
# @param args [Hash] run options; :fix enables the write, :audit is
#   forwarded to writing
# @return [Object, nil] the result of writing, or nil when no fix was
#   requested or /etc/modprobe.d/ is missing
def self.modules(args)
  puts
  title('Kernel Modules')
  Modules::Blacklist.exec(args)
  return unless args[:fix]

  # Bail out with a message rather than creating the directory ourselves.
  unless Dir.exist?('/etc/modprobe.d/')
    puts "[-] Directory /etc/modprobe.d/ no found..."
    return
  end

  writing('/etc/modprobe.d/ardecy_blacklist.conf', Modules::BLACKLIST, args[:audit])
end

.mountpoint(args) ⇒ Object



# File 'lib/ardecy/harden.rb', line 40

# Prints a blank line and the 'Mountpoint' section title, then hands the
# run over to Mountpoint.exec.
#
# @param args [Hash] run options, passed through untouched to Mountpoint.exec
# @return [Object] whatever Mountpoint.exec returns
def self.mountpoint(args)
  puts
  title('Mountpoint')
  Mountpoint.exec(args)
end

.permissions(args) ⇒ Object



# File 'lib/ardecy/harden.rb', line 34

# Prints a blank line and the 'Directory Permissions' section title, then
# hands the run over to Perms::Directory.exec.
#
# @param args [Hash] run options, passed through untouched to
#   Perms::Directory.exec
# @return [Object] whatever Perms::Directory.exec returns
def self.permissions(args)
  puts
  title('Directory Permissions')
  Perms::Directory.exec(args)
end

.sysctl(args) ⇒ Object



# File 'lib/ardecy/harden.rb', line 14

# Runs both sysctl passes in order: kernel first, then network, with a
# blank line printed between the two sections.
#
# @param args [Hash] run options, given unchanged to both passes
# @return [Object] the result of the network pass
def self.sysctl(args)
  sysctl_kernel args
  puts
  sysctl_network args
end

.sysctl_kernel(args) ⇒ Object



# File 'lib/ardecy/harden.rb', line 65

# Runs the kernel sysctl check and, when a fix is requested, persists the
# collected entries as a sysctl.d drop-in.
#
# Nothing is written unless args[:fix] is truthy. The fix path writes under
# /etc, so it presumably needs root; no privilege check is done here.
#
# @param args [Hash] run options; :fix enables the write, :audit is
#   forwarded to writing
# @return [Object, nil] the result of writing, or nil when no fix was
#   requested or /etc/sysctl.d/ is missing
def self.sysctl_kernel(args)
  title('Kernel Hardening')
  Sysctl::Kernel.exec(args)
  return unless args[:fix]

  # Bail out with a message rather than creating the directory ourselves.
  unless Dir.exist?('/etc/sysctl.d/')
    puts '[-] Directory /etc/sysctl.d/ no found.'
    return
  end

  writing('/etc/sysctl.d/ardecy_kernel.conf', Sysctl::KERNEL, args[:audit])
end

.sysctl_network(args) ⇒ Object



# File 'lib/ardecy/harden.rb', line 78

# Runs the network sysctl check and, when a fix is requested, persists the
# collected entries as a sysctl.d drop-in.
#
# Nothing is written unless args[:fix] is truthy. The fix path writes under
# /etc, so it presumably needs root; no privilege check is done here.
#
# @param args [Hash] run options; :fix enables the write, :audit is
#   forwarded to writing
# @return [Object, nil] the result of writing, or nil when no fix was
#   requested or /etc/sysctl.d/ is missing
def self.sysctl_network(args)
  title('Network Hardening')
  Sysctl::Network.exec(args)
  return unless args[:fix]

  # Bail out with a message rather than creating the directory ourselves.
  unless Dir.exist?('/etc/sysctl.d/')
    puts '[-] Directory /etc/sysctl.d/ no found.'
    return
  end

  writing('/etc/sysctl.d/ardecy_network.conf', Sysctl::NETWORK, args[:audit])
end

.writing(file, list, audit = false) ⇒ Object



# File 'lib/ardecy/harden.rb', line 52

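# Writes the fix entries in +list+ to +file+, one per line, and leaves the
# file with mode 0644.
#
# @param file [String] destination path (callers in this module pass a
#   drop-in under /etc/sysctl.d/ or /etc/modprobe.d/)
# @param list [Array<String>] lines to write; nothing is done when empty
# @param audit [Boolean] when truthy, a blank line is printed before the banner
# @return [Integer, nil] number of bytes written, or nil when +list+ is empty
def self.writing(file, list, audit = false)
  return if list.empty?

  puts if audit
  puts " ===> Applying at #{file}..."
  display_fix_list list

  # Build the content from a copy. Callers pass shared constants
  # (Sysctl::KERNEL, Modules::BLACKLIST); appending to and freezing the
  # argument would alter them and make a second call raise FrozenError.
  content = (list + ["\n"]).join("\n")

  # The permission option of File.write is `perm:`, and the mode has to be an
  # octal literal: decimal 644 is 0o1204, not rw-r--r--.
  written = File.write(file, content, mode: 'w', perm: 0o644)

  # `perm:` only applies when the file is created and is masked by the umask,
  # so set the mode explicitly to also tighten a pre-existing file.
  File.chmod(0o644, file)
  written
end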